security: Adding delete methods in KeyChain
Change-Id: I8e3bbbf6e911b43189c510c56118d291f8932df4
diff --git a/src/security/key-chain.hpp b/src/security/key-chain.hpp
index 778732b..e79b9c2 100644
--- a/src/security/key-chain.hpp
+++ b/src/security/key-chain.hpp
@@ -42,24 +42,29 @@
/**
* Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.
* @param identityName The name of the identity.
- * @return The key name of the auto-generated KSK of the identity.
+ * @return The name of the default certificate of the identity.
*/
Name
createIdentity(const Name& identityName)
{
- if (!Info::doesIdentityExist(identityName)) {
+ if (!Info::doesIdentityExist(identityName))
Info::addIdentity(identityName);
-
- Name keyName = generateRSAKeyPairAsDefault(identityName, true);
+
+ Name keyName = Info::getDefaultKeyNameForIdentity(identityName);
+
+ if(keyName.empty())
+ keyName = generateRSAKeyPairAsDefault(identityName, true);
- ptr_lib::shared_ptr<IdentityCertificate> selfCert = selfSign(keyName);
-
- Info::addCertificateAsIdentityDefault(*selfCert);
+ Name certName = Info::getDefaultCertificateNameForKey(keyName);
- return keyName;
- }
- else
- return Name();
+ if(certName.empty())
+ {
+ ptr_lib::shared_ptr<IdentityCertificate> selfCert = selfSign(keyName);
+ Info::addCertificateAsIdentityDefault(*selfCert);
+ certName = selfCert->getName();
+ }
+
+ return certName;
}
/**
@@ -227,34 +232,6 @@
interest.getName().append(signature.getValue());
}
-
- void
- sign(Data &data, const IdentityCertificate& certificate)
- {
- SignatureSha256WithRsa signature;
- signature.setKeyLocator(certificate.getName().getPrefix(-1));
- data.setSignature(signature);
-
- // For temporary usage, we support RSA + SHA256 only, but will support more.
- signDataInTpm(data, certificate.getPublicKeyName(), DIGEST_ALGORITHM_SHA256);
- }
-
- void
- sign(Interest &interest, const IdentityCertificate& certificate)
- {
- SignatureSha256WithRsa signature;
- signature.setKeyLocator(certificate.getName().getPrefix(-1)); // implicit conversion should take care
-
- Name &interestName = interest.getName();
- interestName.append(Name::Component::fromNumber(getNow())).append(signature.getInfo());
-
- signature.setValue(Tpm::signInTpm(interestName.wireEncode().value(),
- interestName.wireEncode().value_size(),
- certificate.getPublicKeyName(),
- DIGEST_ALGORITHM_SHA256));
-
- interestName.append(signature.getValue());
- }
/**
* Sign the byte array using a certificate name and return a Signature object.
@@ -288,8 +265,8 @@
{
Name signingCertificateName = Info::getDefaultCertificateNameForIdentity(identityName);
- if (signingCertificateName.getComponentCount() == 0)
- throw std::runtime_error("No qualified certificate name found!");
+ if (signingCertificateName.empty())
+ signingCertificateName = createIdentity(identityName);
sign(data, signingCertificateName);
}
@@ -299,8 +276,8 @@
{
Name signingCertificateName = Info::getDefaultCertificateNameForIdentity(identityName);
- if (signingCertificateName.getComponentCount() == 0)
- throw std::runtime_error("No qualified certificate name found!");
+ if (signingCertificateName.empty())
+ signingCertificateName = createIdentity(identityName);
sign(interest, signingCertificateName);
}
@@ -314,12 +291,12 @@
* @return The Signature.
*/
Signature
- signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName = Name())
+ signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName)
{
Name signingCertificateName = Info::getDefaultCertificateNameForIdentity(identityName);
- if (signingCertificateName.size() == 0)
- throw std::runtime_error("No qualified certificate name found!");
+ if (signingCertificateName.empty())
+ signingCertificateName = createIdentity(identityName);
return sign(buffer, bufferLength, signingCertificateName);
}
@@ -369,8 +346,73 @@
signDataInTpm(cert, cert.getPublicKeyName(), DIGEST_ALGORITHM_SHA256);
}
+ void
+ deleteCertificate (const Name &certificateName)
+ {
+ if(Info::getDefaultIdentity() == IdentityCertificate::certificateNameToPublicKeyName(certificateName).getPrefix(-1))
+ return;
+
+ Info::deleteCertificateInfo(certificateName);
+ }
+
+ void
+ deleteKey (const Name &keyName)
+ {
+ if(Info::getDefaultIdentity() == keyName.getPrefix(-1))
+ return;
+
+ Info::deletePublicKeyInfo(keyName);
+ Tpm::deleteKeyPairInTpm(keyName);
+ }
+
+ void
+ deleteIdentity (const Name &identity)
+ {
+ if(Info::getDefaultIdentity() == identity)
+ return;
+
+ std::vector<Name> nameList;
+ Info::getAllKeyNamesOfIdentity(identity, nameList, true);
+ Info::getAllKeyNamesOfIdentity(identity, nameList, false);
+
+ Info::deleteIdentityInfo(identity);
+
+ std::vector<Name>::const_iterator it = nameList.begin();
+ for(; it != nameList.end(); it++)
+ Tpm::deleteKeyPairInTpm(*it);
+ }
+
private:
+
+ void
+ sign(Data &data, const IdentityCertificate& certificate)
+ {
+ SignatureSha256WithRsa signature;
+ signature.setKeyLocator(certificate.getName().getPrefix(-1));
+ data.setSignature(signature);
+
+ // For temporary usage, we support RSA + SHA256 only, but will support more.
+ signDataInTpm(data, certificate.getPublicKeyName(), DIGEST_ALGORITHM_SHA256);
+ }
+
+ void
+ sign(Interest &interest, const IdentityCertificate& certificate)
+ {
+ SignatureSha256WithRsa signature;
+ signature.setKeyLocator(certificate.getName().getPrefix(-1)); // implicit conversion should take care
+
+ Name &interestName = interest.getName();
+ interestName.append(Name::Component::fromNumber(getNow())).append(signature.getInfo());
+
+ signature.setValue(Tpm::signInTpm(interestName.wireEncode().value(),
+ interestName.wireEncode().value_size(),
+ certificate.getPublicKeyName(),
+ DIGEST_ALGORITHM_SHA256));
+
+ interestName.append(signature.getValue());
+ }
+
/**
* Generate a key pair for the specified identity.
* @param identityName The name of the specified identity.
diff --git a/src/security/sec-public-info-memory.cpp b/src/security/sec-public-info-memory.cpp
index 2fc7418..c6d7316 100644
--- a/src/security/sec-public-info-memory.cpp
+++ b/src/security/sec-public-info-memory.cpp
@@ -171,35 +171,54 @@
}
-std::vector<Name>
-SecPublicInfoMemory::getAllIdentities(bool isDefault)
+void
+SecPublicInfoMemory::getAllIdentities(std::vector<Name> &nameList, bool isDefault)
{
throw runtime_error("SecPublicInfoMemory::getAllIdentities not implemented");
}
-std::vector<Name>
-SecPublicInfoMemory::getAllKeyNames(bool isDefault)
+void
+SecPublicInfoMemory::getAllKeyNames(std::vector<Name> &nameList, bool isDefault)
{
throw runtime_error("SecPublicInfoMemory::getAllKeyNames not implemented");
}
-std::vector<Name>
-SecPublicInfoMemory::getAllKeyNamesOfIdentity(const Name& identity, bool isDefault)
+void
+SecPublicInfoMemory::getAllKeyNamesOfIdentity(const Name& identity, std::vector<Name> &nameList, bool isDefault)
{
throw runtime_error("SecPublicInfoMemory::getAllKeyNamesOfIdentity not implemented");
}
-std::vector<Name>
-SecPublicInfoMemory::getAllCertificateNames(bool isDefault)
+void
+SecPublicInfoMemory::getAllCertificateNames(std::vector<Name> &nameList, bool isDefault)
{
throw runtime_error("SecPublicInfoMemory::getAllCertificateNames not implemented");
}
-std::vector<Name>
-SecPublicInfoMemory::getAllCertificateNamesOfKey(const Name& keyName, bool isDefault)
+void
+SecPublicInfoMemory::getAllCertificateNamesOfKey(const Name& keyName, std::vector<Name> &nameList, bool isDefault)
{
throw runtime_error("SecPublicInfoMemory::getAllCertificateNamesOfKey not implemented");
}
+void
+SecPublicInfoMemory::deleteCertificateInfo(const Name &certName)
+{
+ throw runtime_error("SecPublicInfoMemory::deleteCertificateInfo not implemented");
+}
+
+void
+SecPublicInfoMemory::deletePublicKeyInfo(const Name &keyName)
+{
+ throw runtime_error("SecPublicInfoMemory::deletePublicKeyInfo not implemented");
+}
+
+void
+SecPublicInfoMemory::deleteIdentityInfo(const Name &identityName)
+{
+ throw runtime_error("SecPublicInfoMemory::deleteIdentityInfo not implemented");
+}
+
+
}
diff --git a/src/security/sec-public-info-memory.hpp b/src/security/sec-public-info-memory.hpp
index c991f1a..eb747e9 100644
--- a/src/security/sec-public-info-memory.hpp
+++ b/src/security/sec-public-info-memory.hpp
@@ -142,20 +142,20 @@
virtual Name
getDefaultCertificateNameForKey(const Name& keyName);
- virtual std::vector<Name>
- getAllIdentities(bool isDefault);
+ virtual void
+ getAllIdentities(std::vector<Name> &nameList, bool isDefault);
- virtual std::vector<Name>
- getAllKeyNames(bool isDefault);
+ virtual void
+ getAllKeyNames(std::vector<Name> &nameList, bool isDefault);
- virtual std::vector<Name>
- getAllKeyNamesOfIdentity(const Name& identity, bool isDefault);
+ virtual void
+ getAllKeyNamesOfIdentity(const Name& identity, std::vector<Name> &nameList, bool isDefault);
- virtual std::vector<Name>
- getAllCertificateNames(bool isDefault);
+ virtual void
+ getAllCertificateNames(std::vector<Name> &nameList, bool isDefault);
- virtual std::vector<Name>
- getAllCertificateNamesOfKey(const Name& keyName, bool isDefault);
+ virtual void
+ getAllCertificateNamesOfKey(const Name& keyName, std::vector<Name> &nameList, bool isDefault);
protected:
/**
@@ -182,6 +182,27 @@
virtual void
setDefaultCertificateNameForKeyInternal(const Name& certificateName);
+ /**
+ * Delete a certificate.
+ * @param certificateName The certificate name.
+ */
+ virtual void
+ deleteCertificateInfo(const Name &certificateName);
+
+ /**
+ * Delete a public key and related certificates.
+ * @param keyName The key name.
+ */
+ virtual void
+ deletePublicKeyInfo(const Name &keyName);
+
+ /**
+ * Delete an identity and related public keys and certificates.
+ * @param identity The identity name.
+ */
+ virtual void
+ deleteIdentityInfo(const Name &identity);
+
private:
class KeyRecord {
diff --git a/src/security/sec-public-info-sqlite3.cpp b/src/security/sec-public-info-sqlite3.cpp
index fe96f07..7e6f4c8 100644
--- a/src/security/sec-public-info-sqlite3.cpp
+++ b/src/security/sec-public-info-sqlite3.cpp
@@ -89,14 +89,14 @@
boost::filesystem::path identityDir = boost::filesystem::path(getenv("HOME")) / ".ndnx";
boost::filesystem::create_directories (identityDir);
- int res = sqlite3_open((identityDir / "ndnsec-public-info.db").c_str(), &database_);
+ int res = sqlite3_open((identityDir / "ndnsec-public-info.db").c_str(), &m_database);
if (res != SQLITE_OK)
throw Error("identity DB cannot be opened/created");
//Check if Key table exists;
sqlite3_stmt *statement;
- sqlite3_prepare_v2(database_, "SELECT name FROM sqlite_master WHERE type='table' And name='Identity'", -1, &statement, 0);
+ sqlite3_prepare_v2(m_database, "SELECT name FROM sqlite_master WHERE type='table' And name='Identity'", -1, &statement, 0);
res = sqlite3_step(statement);
bool idTableExists = false;
@@ -107,7 +107,7 @@
if (!idTableExists) {
char *errorMessage = 0;
- res = sqlite3_exec(database_, INIT_ID_TABLE.c_str(), NULL, NULL, &errorMessage);
+ res = sqlite3_exec(m_database, INIT_ID_TABLE.c_str(), NULL, NULL, &errorMessage);
if (res != SQLITE_OK && errorMessage != 0) {
_LOG_TRACE("Init \"error\" in Identity: " << errorMessage);
@@ -116,7 +116,7 @@
}
//Check if Key table exists;
- sqlite3_prepare_v2(database_, "SELECT name FROM sqlite_master WHERE type='table' And name='Key'", -1, &statement, 0);
+ sqlite3_prepare_v2(m_database, "SELECT name FROM sqlite_master WHERE type='table' And name='Key'", -1, &statement, 0);
res = sqlite3_step(statement);
bool keyTableExists = false;
@@ -127,7 +127,7 @@
if (!keyTableExists) {
char *errorMessage = 0;
- res = sqlite3_exec(database_, INIT_KEY_TABLE.c_str(), NULL, NULL, &errorMessage);
+ res = sqlite3_exec(m_database, INIT_KEY_TABLE.c_str(), NULL, NULL, &errorMessage);
if (res != SQLITE_OK && errorMessage != 0) {
_LOG_TRACE("Init \"error\" in KEY: " << errorMessage);
@@ -136,7 +136,7 @@
}
//Check if Certificate table exists;
- sqlite3_prepare_v2(database_, "SELECT name FROM sqlite_master WHERE type='table' And name='Certificate'", -1, &statement, 0);
+ sqlite3_prepare_v2(m_database, "SELECT name FROM sqlite_master WHERE type='table' And name='Certificate'", -1, &statement, 0);
res = sqlite3_step(statement);
bool idCertificateTableExists = false;
@@ -147,7 +147,7 @@
if (!idCertificateTableExists) {
char *errorMessage = 0;
- res = sqlite3_exec(database_, INIT_CERT_TABLE.c_str(), NULL, NULL, &errorMessage);
+ res = sqlite3_exec(m_database, INIT_CERT_TABLE.c_str(), NULL, NULL, &errorMessage);
if (res != SQLITE_OK && errorMessage != 0) {
_LOG_TRACE("Init \"error\" in ID-CERT: " << errorMessage);
@@ -166,7 +166,7 @@
bool result = false;
sqlite3_stmt *statement;
- sqlite3_prepare_v2(database_, "SELECT count(*) FROM Identity WHERE identity_name=?", -1, &statement, 0);
+ sqlite3_prepare_v2(m_database, "SELECT count(*) FROM Identity WHERE identity_name=?", -1, &statement, 0);
sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
int res = sqlite3_step(statement);
@@ -190,7 +190,7 @@
sqlite3_stmt *statement;
- sqlite3_prepare_v2(database_, "INSERT INTO Identity (identity_name) values (?)", -1, &statement, 0);
+ sqlite3_prepare_v2(m_database, "INSERT INTO Identity (identity_name) values (?)", -1, &statement, 0);
sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
@@ -216,7 +216,7 @@
Name identityName = keyName.getPrefix(-1);
sqlite3_stmt *statement;
- sqlite3_prepare_v2(database_, "SELECT count(*) FROM Key WHERE identity_name=? AND key_identifier=?", -1, &statement, 0);
+ sqlite3_prepare_v2(m_database, "SELECT count(*) FROM Key WHERE identity_name=? AND key_identifier=?", -1, &statement, 0);
sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
@@ -252,7 +252,7 @@
throw Error("a key with the same name already exists!");
sqlite3_stmt *statement;
- sqlite3_prepare_v2(database_, "INSERT INTO Key (identity_name, key_identifier, key_type, public_key) values (?, ?, ?, ?)", -1, &statement, 0);
+ sqlite3_prepare_v2(m_database, "INSERT INTO Key (identity_name, key_identifier, key_type, public_key) values (?, ?, ?, ?)", -1, &statement, 0);
sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
@@ -276,7 +276,7 @@
Name identityName = keyName.getPrefix(-1);
sqlite3_stmt *statement;
- sqlite3_prepare_v2(database_, "SELECT public_key FROM Key WHERE identity_name=? AND key_identifier=?", -1, &statement, 0);
+ sqlite3_prepare_v2(m_database, "SELECT public_key FROM Key WHERE identity_name=? AND key_identifier=?", -1, &statement, 0);
sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
@@ -302,7 +302,7 @@
Name identityName = keyName.getPrefix(-1);
sqlite3_stmt *statement;
- sqlite3_prepare_v2(database_, "UPDATE Key SET active=? WHERE identity_name=? AND key_identifier=?", -1, &statement, 0);
+ sqlite3_prepare_v2(m_database, "UPDATE Key SET active=? WHERE identity_name=? AND key_identifier=?", -1, &statement, 0);
sqlite3_bind_int(statement, 1, (isActive ? 1 : 0));
sqlite3_bind_text(statement, 2, identityName.toUri(), SQLITE_TRANSIENT);
@@ -317,7 +317,7 @@
SecPublicInfoSqlite3::doesCertificateExist(const Name& certificateName)
{
sqlite3_stmt *statement;
- sqlite3_prepare_v2(database_, "SELECT count(*) FROM Certificate WHERE cert_name=?", -1, &statement, 0);
+ sqlite3_prepare_v2(m_database, "SELECT count(*) FROM Certificate WHERE cert_name=?", -1, &statement, 0);
sqlite3_bind_text(statement, 1, certificateName.toUri(), SQLITE_TRANSIENT);
@@ -348,7 +348,7 @@
std::string identityName = keyName.getPrefix(-1).toUri();
sqlite3_stmt *statement;
- sqlite3_prepare_v2(database_,
+ sqlite3_prepare_v2(m_database,
"INSERT INTO Certificate (cert_name, cert_issuer, identity_name, key_identifier, not_before, not_after, certificate_data)\
values (?, ?, ?, ?, datetime(?, 'unixepoch'), datetime(?, 'unixepoch'), ?)",
-1, &statement, 0);
@@ -402,7 +402,7 @@
// Insert the certificate
sqlite3_stmt *statement;
- sqlite3_prepare_v2(database_,
+ sqlite3_prepare_v2(m_database,
"INSERT INTO Certificate (cert_name, cert_issuer, identity_name, key_identifier, not_before, not_after, certificate_data)\
values (?, ?, ?, ?, datetime(?, 'unixepoch'), datetime(?, 'unixepoch'), ?)",
-1, &statement, 0);
@@ -435,7 +435,7 @@
{
sqlite3_stmt *statement;
- sqlite3_prepare_v2(database_,
+ sqlite3_prepare_v2(m_database,
"SELECT certificate_data FROM Certificate WHERE cert_name=?",
-1, &statement, 0);
@@ -459,7 +459,7 @@
SecPublicInfoSqlite3::getDefaultIdentity()
{
sqlite3_stmt *statement;
- sqlite3_prepare_v2(database_, "SELECT identity_name FROM Identity WHERE default_identity=1", -1, &statement, 0);
+ sqlite3_prepare_v2(m_database, "SELECT identity_name FROM Identity WHERE default_identity=1", -1, &statement, 0);
int res = sqlite3_step(statement);
@@ -479,7 +479,7 @@
sqlite3_stmt *statement;
//Reset previous default identity
- sqlite3_prepare_v2(database_, "UPDATE Identity SET default_identity=0 WHERE default_identity=1", -1, &statement, 0);
+ sqlite3_prepare_v2(m_database, "UPDATE Identity SET default_identity=0 WHERE default_identity=1", -1, &statement, 0);
while (sqlite3_step(statement) == SQLITE_ROW)
{}
@@ -487,7 +487,7 @@
sqlite3_finalize(statement);
//Set current default identity
- sqlite3_prepare_v2(database_, "UPDATE Identity SET default_identity=1 WHERE identity_name=?", -1, &statement, 0);
+ sqlite3_prepare_v2(m_database, "UPDATE Identity SET default_identity=1 WHERE identity_name=?", -1, &statement, 0);
sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
@@ -500,7 +500,7 @@
SecPublicInfoSqlite3::getDefaultKeyNameForIdentity(const Name& identityName)
{
sqlite3_stmt *statement;
- sqlite3_prepare_v2(database_, "SELECT key_identifier FROM Key WHERE identity_name=? AND default_key=1", -1, &statement, 0);
+ sqlite3_prepare_v2(m_database, "SELECT key_identifier FROM Key WHERE identity_name=? AND default_key=1", -1, &statement, 0);
sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
@@ -528,7 +528,7 @@
sqlite3_stmt *statement;
//Reset previous default Key
- sqlite3_prepare_v2(database_, "UPDATE Key SET default_key=0 WHERE default_key=1 and identity_name=?", -1, &statement, 0);
+ sqlite3_prepare_v2(m_database, "UPDATE Key SET default_key=0 WHERE default_key=1 and identity_name=?", -1, &statement, 0);
sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
@@ -538,7 +538,7 @@
sqlite3_finalize(statement);
//Set current default Key
- sqlite3_prepare_v2(database_, "UPDATE Key SET default_key=1 WHERE identity_name=? AND key_identifier=?", -1, &statement, 0);
+ sqlite3_prepare_v2(m_database, "UPDATE Key SET default_key=1 WHERE identity_name=? AND key_identifier=?", -1, &statement, 0);
sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
@@ -558,7 +558,7 @@
Name identityName = keyName.getPrefix(-1);
sqlite3_stmt *statement;
- sqlite3_prepare_v2(database_, "SELECT cert_name FROM Certificate WHERE identity_name=? AND key_identifier=? AND default_cert=1", -1, &statement, 0);
+ sqlite3_prepare_v2(m_database, "SELECT cert_name FROM Certificate WHERE identity_name=? AND key_identifier=? AND default_cert=1", -1, &statement, 0);
sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
@@ -588,7 +588,7 @@
sqlite3_stmt *statement;
//Reset previous default Key
- sqlite3_prepare_v2(database_, "UPDATE Certificate SET default_cert=0 WHERE default_cert=1 AND identity_name=? AND key_identifier=?", -1, &statement, 0);
+ sqlite3_prepare_v2(m_database, "UPDATE Certificate SET default_cert=0 WHERE default_cert=1 AND identity_name=? AND key_identifier=?", -1, &statement, 0);
sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
@@ -599,7 +599,7 @@
sqlite3_finalize(statement);
//Set current default Key
- sqlite3_prepare_v2(database_, "UPDATE Certificate SET default_cert=1 WHERE identity_name=? AND key_identifier=? AND cert_name=?", -1, &statement, 0);
+ sqlite3_prepare_v2(m_database, "UPDATE Certificate SET default_cert=1 WHERE identity_name=? AND key_identifier=? AND cert_name=?", -1, &statement, 0);
sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
@@ -610,33 +610,30 @@
sqlite3_finalize(statement);
}
-vector<Name>
-SecPublicInfoSqlite3::getAllIdentities(bool isDefault)
+void
+SecPublicInfoSqlite3::getAllIdentities(vector<Name> &nameList, bool isDefault)
{
sqlite3_stmt *stmt;
if(isDefault)
- sqlite3_prepare_v2 (database_, "SELECT identity_name FROM Identity WHERE default_identity=1", -1, &stmt, 0);
+ sqlite3_prepare_v2 (m_database, "SELECT identity_name FROM Identity WHERE default_identity=1", -1, &stmt, 0);
else
- sqlite3_prepare_v2 (database_, "SELECT identity_name FROM Identity WHERE default_identity=0", -1, &stmt, 0);
+ sqlite3_prepare_v2 (m_database, "SELECT identity_name FROM Identity WHERE default_identity=0", -1, &stmt, 0);
- vector<Name> nameList;
while(sqlite3_step (stmt) == SQLITE_ROW)
nameList.push_back(Name(string(reinterpret_cast<const char *>(sqlite3_column_text(stmt, 0)), sqlite3_column_bytes (stmt, 0))));
sqlite3_finalize (stmt);
- return nameList;
}
-vector<Name>
-SecPublicInfoSqlite3::getAllKeyNames(bool isDefault)
+void
+SecPublicInfoSqlite3::getAllKeyNames(vector<Name> &nameList, bool isDefault)
{
sqlite3_stmt *stmt;
if(isDefault)
- sqlite3_prepare_v2 (database_, "SELECT identity_name, key_identifier FROM Key WHERE default_key=1", -1, &stmt, 0);
+ sqlite3_prepare_v2 (m_database, "SELECT identity_name, key_identifier FROM Key WHERE default_key=1", -1, &stmt, 0);
else
- sqlite3_prepare_v2 (database_, "SELECT identity_name, key_identifier FROM Key WHERE default_key=0", -1, &stmt, 0);
+ sqlite3_prepare_v2 (m_database, "SELECT identity_name, key_identifier FROM Key WHERE default_key=0", -1, &stmt, 0);
- vector<Name> nameList;
while(sqlite3_step (stmt) == SQLITE_ROW)
{
Name keyName(string(reinterpret_cast<const char *>(sqlite3_column_text(stmt, 0)), sqlite3_column_bytes (stmt, 0)));
@@ -644,21 +641,19 @@
nameList.push_back(keyName);
}
sqlite3_finalize (stmt);
- return nameList;
}
-vector<Name>
-SecPublicInfoSqlite3::getAllKeyNamesOfIdentity(const Name& identity, bool isDefault)
+void
+SecPublicInfoSqlite3::getAllKeyNamesOfIdentity(const Name& identity, vector<Name> &nameList, bool isDefault)
{
sqlite3_stmt *stmt;
if(isDefault)
- sqlite3_prepare_v2 (database_, "SELECT key_identifier FROM Key WHERE default_key=1 and identity_name=?", -1, &stmt, 0);
+ sqlite3_prepare_v2 (m_database, "SELECT key_identifier FROM Key WHERE default_key=1 and identity_name=?", -1, &stmt, 0);
else
- sqlite3_prepare_v2 (database_, "SELECT key_identifier FROM Key WHERE default_key=0 and identity_name=?", -1, &stmt, 0);
+ sqlite3_prepare_v2 (m_database, "SELECT key_identifier FROM Key WHERE default_key=0 and identity_name=?", -1, &stmt, 0);
sqlite3_bind_text(stmt, 1, identity.toUri().c_str(), identity.toUri().size (), SQLITE_TRANSIENT);
- vector<Name> nameList;
while(sqlite3_step (stmt) == SQLITE_ROW)
{
Name keyName(identity);
@@ -666,49 +661,102 @@
nameList.push_back(keyName);
}
sqlite3_finalize (stmt);
- return nameList;
}
-vector<Name>
-SecPublicInfoSqlite3::getAllCertificateNames(bool isDefault)
+void
+SecPublicInfoSqlite3::getAllCertificateNames(vector<Name> &nameList, bool isDefault)
{
sqlite3_stmt *stmt;
if(isDefault)
- sqlite3_prepare_v2 (database_, "SELECT cert_name FROM Certificate WHERE default_cert=1", -1, &stmt, 0);
+ sqlite3_prepare_v2 (m_database, "SELECT cert_name FROM Certificate WHERE default_cert=1", -1, &stmt, 0);
else
- sqlite3_prepare_v2 (database_, "SELECT cert_name FROM Certificate WHERE default_cert=0", -1, &stmt, 0);
+ sqlite3_prepare_v2 (m_database, "SELECT cert_name FROM Certificate WHERE default_cert=0", -1, &stmt, 0);
- vector<Name> nameList;
while(sqlite3_step (stmt) == SQLITE_ROW)
nameList.push_back(string(reinterpret_cast<const char *>(sqlite3_column_text(stmt, 0)), sqlite3_column_bytes (stmt, 0)));
sqlite3_finalize (stmt);
- return nameList;
}
-vector<Name>
-SecPublicInfoSqlite3::getAllCertificateNamesOfKey(const Name& keyName, bool isDefault)
+void
+SecPublicInfoSqlite3::getAllCertificateNamesOfKey(const Name& keyName, vector<Name> &nameList, bool isDefault)
{
if(keyName.empty())
- return vector<Name>();
+ return;
sqlite3_stmt *stmt;
if(isDefault)
- sqlite3_prepare_v2 (database_, "SELECT cert_name FROM Certificate WHERE default_cert=1 and identity_name=? and key_identifier=?", -1, &stmt, 0);
+ sqlite3_prepare_v2 (m_database, "SELECT cert_name FROM Certificate WHERE default_cert=1 and identity_name=? and key_identifier=?", -1, &stmt, 0);
else
- sqlite3_prepare_v2 (database_, "SELECT cert_name FROM Certificate WHERE default_cert=0 and identity_name=? and key_identifier=?", -1, &stmt, 0);
+ sqlite3_prepare_v2 (m_database, "SELECT cert_name FROM Certificate WHERE default_cert=0 and identity_name=? and key_identifier=?", -1, &stmt, 0);
Name identity = keyName.getPrefix(-1);
sqlite3_bind_text(stmt, 1, identity.toUri().c_str(), identity.toUri().size (), SQLITE_TRANSIENT);
std::string baseKeyName = keyName.get(-1).toEscapedString();
sqlite3_bind_text(stmt, 2, baseKeyName.c_str(), baseKeyName.size(), SQLITE_TRANSIENT);
- vector<Name> nameList;
while(sqlite3_step (stmt) == SQLITE_ROW)
nameList.push_back(string(reinterpret_cast<const char *>(sqlite3_column_text(stmt, 0)), sqlite3_column_bytes (stmt, 0)));
sqlite3_finalize (stmt);
- return nameList;
+}
+
+void
+SecPublicInfoSqlite3::deleteCertificateInfo(const Name &certName)
+{
+ if(certName.empty())
+ return;
+
+ sqlite3_stmt *stmt;
+ sqlite3_prepare_v2(m_database, "DELETE FROM Certificate WHERE cert_name=?", -1, &stmt, 0);
+ sqlite3_bind_text(stmt, 1, certName.toUri().c_str(), certName.toUri().size (), SQLITE_TRANSIENT);
+ sqlite3_step(stmt);
+ sqlite3_finalize (stmt);
+}
+
+void
+SecPublicInfoSqlite3::deletePublicKeyInfo(const Name &keyName)
+{
+ if(keyName.empty())
+ return;
+
+ string identity = keyName.getPrefix(-1).toUri();
+ string keyId = keyName.get(-1).toEscapedString();
+
+ sqlite3_stmt *stmt;
+ sqlite3_prepare_v2(m_database, "DELETE FROM Certificate WHERE identity_name=? and key_identifier=?", -1, &stmt, 0);
+ sqlite3_bind_text(stmt, 1, identity.c_str(), identity.size (), SQLITE_TRANSIENT);
+ sqlite3_bind_text(stmt, 2, keyId.c_str(), keyId.size(), SQLITE_TRANSIENT);
+ sqlite3_step(stmt);
+ sqlite3_finalize (stmt);
+
+ sqlite3_prepare_v2(m_database, "DELETE FROM Key WHERE identity_name=? and key_identifier=?", -1, &stmt, 0);
+ sqlite3_bind_text(stmt, 1, identity.c_str(), identity.size (), SQLITE_TRANSIENT);
+ sqlite3_bind_text(stmt, 2, keyId.c_str(), keyId.size(), SQLITE_TRANSIENT);
+ sqlite3_step(stmt);
+ sqlite3_finalize (stmt);
+}
+
+void
+SecPublicInfoSqlite3::deleteIdentityInfo(const Name &identityName)
+{
+ string identity = identityName.toUri();
+
+ sqlite3_stmt *stmt;
+ sqlite3_prepare_v2(m_database, "DELETE FROM Certificate WHERE identity_name=?", -1, &stmt, 0);
+ sqlite3_bind_text(stmt, 1, identity.c_str(), identity.size (), SQLITE_TRANSIENT);
+ sqlite3_step(stmt);
+ sqlite3_finalize (stmt);
+
+ sqlite3_prepare_v2(m_database, "DELETE FROM Key WHERE identity_name=?", -1, &stmt, 0);
+ sqlite3_bind_text(stmt, 1, identity.c_str(), identity.size (), SQLITE_TRANSIENT);
+ sqlite3_step(stmt);
+ sqlite3_finalize (stmt);
+
+ sqlite3_prepare_v2(m_database, "DELETE FROM Identity WHERE identity_name=?", -1, &stmt, 0);
+ sqlite3_bind_text(stmt, 1, identity.c_str(), identity.size (), SQLITE_TRANSIENT);
+ sqlite3_step(stmt);
+ sqlite3_finalize (stmt);
}
} // namespace ndn
diff --git a/src/security/sec-public-info-sqlite3.hpp b/src/security/sec-public-info-sqlite3.hpp
index f6e45c3..94dc0fa 100644
--- a/src/security/sec-public-info-sqlite3.hpp
+++ b/src/security/sec-public-info-sqlite3.hpp
@@ -154,20 +154,20 @@
virtual Name
getDefaultCertificateNameForKey(const Name& keyName);
- virtual std::vector<Name>
- getAllIdentities(bool isDefault);
+ virtual void
+ getAllIdentities(std::vector<Name> &nameList, bool isDefault);
- virtual std::vector<Name>
- getAllKeyNames(bool isDefault);
+ virtual void
+ getAllKeyNames(std::vector<Name> &nameList, bool isDefault);
- virtual std::vector<Name>
- getAllKeyNamesOfIdentity(const Name& identity, bool isDefault);
+ virtual void
+ getAllKeyNamesOfIdentity(const Name& identity, std::vector<Name> &nameList, bool isDefault);
- virtual std::vector<Name>
- getAllCertificateNames(bool isDefault);
+ virtual void
+ getAllCertificateNames(std::vector<Name> &nameList, bool isDefault);
- virtual std::vector<Name>
- getAllCertificateNamesOfKey(const Name& keyName, bool isDefault);
+ virtual void
+ getAllCertificateNamesOfKey(const Name& keyName, std::vector<Name> &nameList, bool isDefault);
protected:
/**
@@ -193,12 +193,33 @@
*/
virtual void
setDefaultCertificateNameForKeyInternal(const Name& certificateName);
+
+ /**
+ * Delete a certificate.
+ * @param certificateName The certificate name.
+ */
+ virtual void
+ deleteCertificateInfo(const Name &certificateName);
+
+ /**
+ * Delete a public key and related certificates.
+ * @param keyName The key name.
+ */
+ virtual void
+ deletePublicKeyInfo(const Name &keyName);
+
+ /**
+ * Delete an identity and related public keys and certificates.
+ * @param identity The identity name.
+ */
+ virtual void
+ deleteIdentityInfo(const Name &identity);
private:
void
updateKeyStatus(const Name& keyName, bool isActive);
- sqlite3 *database_;
+ sqlite3 * m_database;
};
void
diff --git a/src/security/sec-public-info.hpp b/src/security/sec-public-info.hpp
index 7cd7230..37afd5d 100644
--- a/src/security/sec-public-info.hpp
+++ b/src/security/sec-public-info.hpp
@@ -145,20 +145,20 @@
virtual Name
getDefaultCertificateNameForKey(const Name& keyName) = 0;
- virtual std::vector<Name>
- getAllIdentities(bool isDefault) = 0;
+ virtual void
+ getAllIdentities(std::vector<Name> &nameList, bool isDefault) = 0;
- virtual std::vector<Name>
- getAllKeyNames(bool isDefault) = 0;
+ virtual void
+ getAllKeyNames(std::vector<Name> &nameList, bool isDefault) = 0;
- virtual std::vector<Name>
- getAllKeyNamesOfIdentity(const Name& identity, bool isDefault) = 0;
+ virtual void
+ getAllKeyNamesOfIdentity(const Name& identity, std::vector<Name> &nameList, bool isDefault) = 0;
- virtual std::vector<Name>
- getAllCertificateNames(bool isDefault) = 0;
+ virtual void
+ getAllCertificateNames(std::vector<Name> &nameList, bool isDefault) = 0;
- virtual std::vector<Name>
- getAllCertificateNamesOfKey(const Name& keyName, bool isDefault) = 0;
+ virtual void
+ getAllCertificateNamesOfKey(const Name& keyName, std::vector<Name> &nameList, bool isDefault) = 0;
protected:
@@ -188,6 +188,31 @@
virtual void
setDefaultCertificateNameForKeyInternal(const Name& certificateName) = 0;
+ /*****************************************
+ * Delete Methods *
+ *****************************************/
+
+ /**
+ * Delete a certificate.
+ * @param certificateName The certificate name.
+ */
+ virtual void
+ deleteCertificateInfo(const Name &certificateName) = 0;
+
+ /**
+ * Delete a public key and related certificates.
+ * @param keyName The key name.
+ */
+ virtual void
+ deletePublicKeyInfo(const Name &keyName) = 0;
+
+ /**
+ * Delete an identity and related public keys and certificates.
+ * @param identity The identity name.
+ */
+ virtual void
+ deleteIdentityInfo(const Name &identity) = 0;
+
public:
/*****************************************
@@ -306,12 +331,12 @@
else
oss << "dsk-";
- oss << static_cast<int>(getNow()/1000);
+ oss << static_cast<int>(getNow());
Name keyName = Name(identityName).append(oss.str());
if (doesPublicKeyExist(keyName))
- throw Error("Key name already exists");
+ throw Error("Key name already exists: " + keyName.toUri());
return keyName;
}
@@ -374,7 +399,6 @@
defaultCertificate_ = getCertificate(certName);
}
-
}
#endif
diff --git a/src/security/sec-tpm-file.cpp b/src/security/sec-tpm-file.cpp
index 56f42f8..c8dab80 100644
--- a/src/security/sec-tpm-file.cpp
+++ b/src/security/sec-tpm-file.cpp
@@ -102,6 +102,19 @@
}
}
+void
+SecTpmFile::deleteKeyPairInTpm(const Name &keyName)
+{
+ boost::filesystem::path publicKeyPath(nameTransform(keyName.toUri(), ".pub"));
+ boost::filesystem::path privateKeyPath(nameTransform(keyName.toUri(), ".pri"));
+
+ if(boost::filesystem::exists(publicKeyPath))
+ boost::filesystem::remove(publicKeyPath);
+
+ if(boost::filesystem::exists(privateKeyPath))
+ boost::filesystem::remove(privateKeyPath);
+}
+
ptr_lib::shared_ptr<PublicKey>
SecTpmFile::getPublicKeyFromTpm(const Name & keyName)
{
diff --git a/src/security/sec-tpm-file.hpp b/src/security/sec-tpm-file.hpp
index 8ef5586..d0a68b8 100644
--- a/src/security/sec-tpm-file.hpp
+++ b/src/security/sec-tpm-file.hpp
@@ -39,6 +39,13 @@
generateKeyPairInTpm(const Name & keyName, KeyType keyType, int keySize);
/**
+ * Delete a key pair of asymmetric keys.
+ * @param keyName The name of the key pair.
+ */
+ virtual void
+ deleteKeyPairInTpm(const Name &keyName);
+
+ /**
* Get the public key
* @param keyName The name of public key.
* @return The public key.
diff --git a/src/security/sec-tpm-memory.cpp b/src/security/sec-tpm-memory.cpp
index 71b1f62..d4de6fc 100644
--- a/src/security/sec-tpm-memory.cpp
+++ b/src/security/sec-tpm-memory.cpp
@@ -62,10 +62,16 @@
SecTpmMemory::generateKeyPairInTpm(const Name& keyName, KeyType keyType, int keySize)
{
#if 1
- throw Error("MemoryPrivateKeyStorage::generateKeyPair not implemented");
+ throw Error("SecTpmMemory::generateKeyPair not implemented");
#endif
}
+void
+SecTpmMemory::deleteKeyPairInTpm(const Name &keyName)
+{
+ throw Error("SecTpmMemory::deleteKeyPairInTpm not implemented");
+}
+
ptr_lib::shared_ptr<PublicKey>
SecTpmMemory::getPublicKeyFromTpm(const Name& keyName)
{
diff --git a/src/security/sec-tpm-memory.hpp b/src/security/sec-tpm-memory.hpp
index 21dc272..110442e 100644
--- a/src/security/sec-tpm-memory.hpp
+++ b/src/security/sec-tpm-memory.hpp
@@ -57,6 +57,13 @@
*/
virtual ptr_lib::shared_ptr<PublicKey>
getPublicKeyFromTpm(const Name& keyName);
+
+ /**
+ * Delete a key pair of asymmetric keys.
+ * @param keyName The name of the key pair.
+ */
+ virtual void
+ deleteKeyPairInTpm(const Name &keyName);
/**
* Fetch the private key for keyName and sign the data, returning a signature Blob.
diff --git a/src/security/sec-tpm-osx.cpp b/src/security/sec-tpm-osx.cpp
index fed73e1..25b42df 100644
--- a/src/security/sec-tpm-osx.cpp
+++ b/src/security/sec-tpm-osx.cpp
@@ -168,6 +168,30 @@
}
}
+ void
+ SecTpmOsx::deleteKeyPairInTpm(const Name &keyName)
+ {
+ string keyNameUri = keyName.toUri();
+
+ CFStringRef keyLabel = CFStringCreateWithCString(NULL,
+ keyNameUri.c_str(),
+ kCFStringEncodingUTF8);
+
+ CFMutableDictionaryRef attrDict = CFDictionaryCreateMutable(NULL,
+ 5,
+ &kCFTypeDictionaryKeyCallBacks,
+ NULL);
+
+ CFDictionaryAddValue(attrDict, kSecClass, kSecClassKey);
+ CFDictionaryAddValue(attrDict, kSecAttrLabel, keyLabel);
+ CFDictionaryAddValue(attrDict, kSecMatchLimit, kSecMatchLimitAll);
+
+ OSStatus res = SecItemDelete((CFDictionaryRef) attrDict);
+
+ if(res != errSecSuccess)
+ _LOG_DEBUG("Fail to find the key!");
+ }
+
void
SecTpmOsx::generateSymmetricKeyInTpm(const Name & keyName, KeyType keyType, int keySize)
{
@@ -465,10 +489,11 @@
kCFStringEncodingUTF8);
CFMutableDictionaryRef attrDict = CFDictionaryCreateMutable(NULL,
- 3,
+ 4,
&kCFTypeDictionaryKeyCallBacks,
NULL);
+ CFDictionaryAddValue(attrDict, kSecClass, kSecClassKey);
CFDictionaryAddValue(attrDict, kSecAttrKeyClass, impl_->getKeyClass(keyClass));
CFDictionaryAddValue(attrDict, kSecAttrLabel, keyLabel);
CFDictionaryAddValue(attrDict, kSecReturnRef, kCFBooleanTrue);
@@ -477,9 +502,9 @@
OSStatus res = SecItemCopyMatching((CFDictionaryRef)attrDict, (CFTypeRef*)&itemRef);
if(res == errSecItemNotFound)
- return true;
- else
return false;
+ else
+ return true;
}
diff --git a/src/security/sec-tpm-osx.hpp b/src/security/sec-tpm-osx.hpp
index c724ca7..915bb1d 100644
--- a/src/security/sec-tpm-osx.hpp
+++ b/src/security/sec-tpm-osx.hpp
@@ -35,6 +35,13 @@
virtual void
generateKeyPairInTpm(const Name& keyName, KeyType keyType, int keySize);
+ /**
+ * Delete a key pair of asymmetric keys.
+ * @param keyName The name of the key pair.
+ */
+ virtual void
+ deleteKeyPairInTpm(const Name &keyName);
+
virtual ptr_lib::shared_ptr<PublicKey>
getPublicKeyFromTpm(const Name& keyName);
diff --git a/src/security/sec-tpm.hpp b/src/security/sec-tpm.hpp
index dd9a55e..3336a32 100644
--- a/src/security/sec-tpm.hpp
+++ b/src/security/sec-tpm.hpp
@@ -35,6 +35,13 @@
*/
virtual void
generateKeyPairInTpm(const Name& keyName, KeyType keyType, int keySize) = 0;
+
+ /**
+ * Delete a key pair of asymmetric keys.
+ * @param keyName The name of the key pair.
+ */
+ virtual void
+ deleteKeyPairInTpm(const Name &keyName) = 0;
/**
* Get the public key